FREE GRC Workshop

LEARN MORE

Recommended Event: Convene: Boston | Cybersecurity & Human Risk Conference Aug 13 - 14, 2026

The Rise of Banking-Grade FIDO Authentication: Closing the Trust Gap

Solution Category Fraud Prevention
Type Webinar
Organization Outseer

Webinar Description

Key Takeaways

  • Examines why FIDO passkeys alone may not provide sufficient fraud protection for financial institutions
  • Explores the integration of behavioural biometrics, device intelligence and adaptive risk assessment with passwordless authentication
  • Addresses the transition away from SMS one-time passwords toward more resilient authentication methods
  • Discusses regulatory implications including PSD3 compliance requirements
  • Designed for CISOs, fraud prevention teams, risk managers and security executives in banking and payments

Introduction

“The Rise of Banking-Grade FIDO Authentication: Closing the Trust Gap” is a webinar addressing the evolving authentication challenges facing banks, payment processors and financial services organisations. Hosted by The Paypers, the session brings together perspectives from Outseer and Santander Deutschland to examine why traditional strong authentication methods are proving insufficient against increasingly sophisticated fraud techniques, and how financial institutions can build more comprehensive identity verification frameworks.

The timing reflects a broader industry reckoning with authentication effectiveness. While FIDO passkeys have gained significant traction as a phishing-resistant alternative to passwords and SMS-based verification, financial institutions are discovering that successful authentication does not necessarily indicate legitimate activity. Fraudsters have adapted their techniques to operate within authenticated sessions, exploiting the gap between identity verification and transaction integrity.

About This Event

This virtual session takes a webinar format featuring expert speakers and moderated discussion. The educational focus targets executive-level professionals responsible for authentication strategy, fraud prevention and regulatory compliance within financial services organisations. Representatives from Outseer, a security vendor specialising in fraud prevention, and Santander Deutschland contribute practitioner and vendor perspectives on implementing advanced authentication frameworks.

The Limitations of Standalone FIDO Authentication

FIDO passkeys represent a significant advancement in authentication security, eliminating many vulnerabilities associated with knowledge-based credentials and SMS one-time passwords. The cryptographic approach binds authentication to specific devices and resists phishing attacks that have long plagued traditional methods. However, the webinar examines a critical distinction that financial institutions must understand: authentication success confirms that the legitimate credential holder initiated a session, but provides no assurance about what happens within that session.

This limitation becomes particularly relevant in financial services, where account takeover represents only one fraud vector among many. Social engineering attacks can manipulate authenticated users into authorising fraudulent transactions. Malware operating on compromised devices can hijack legitimate sessions. Authorised push payment fraud exploits the trust established through successful authentication to facilitate scams. For these scenarios, verifying identity at the point of login addresses only part of the risk equation.

Building Layered Fraud Intelligence

The concept of “banking-grade” authentication, as explored in this session, extends beyond credential verification to encompass continuous risk assessment throughout the customer journey. This approach integrates multiple intelligence sources to detect anomalous behaviour even when authentication succeeds.

Behavioural biometrics analyse how users interact with devices, examining patterns such as typing rhythm, mouse movements and touchscreen pressure. These characteristics are difficult for fraudsters to replicate, even when they possess valid credentials or have compromised a device. Deviations from established behavioural patterns can trigger additional verification or transaction blocks.

Device intelligence evaluates the trustworthiness of the hardware and software environment from which authentication originates. This includes detecting rooted or jailbroken devices, identifying remote access tools, recognising device spoofing attempts and assessing whether the device matches historical patterns for the account holder.

Adaptive risk assessment synthesises signals from authentication events, behavioural analysis, device evaluation and transaction context to calculate real-time risk scores. Rather than applying uniform security measures to all interactions, this approach enables financial institutions to calibrate friction according to assessed risk, applying additional verification only when warranted.

Regulatory Pressures and PSD3 Implications

The discussion addresses how evolving regulatory frameworks are shaping authentication requirements for European financial institutions. PSD3, the forthcoming revision to the Payment Services Directive, is expected to strengthen requirements around fraud prevention and customer protection while maintaining the strong customer authentication principles established under PSD2.

Financial institutions face the challenge of implementing authentication systems that satisfy regulatory requirements without creating excessive friction that drives customers toward less regulated alternatives. The webinar explores how layered authentication approaches can demonstrate regulatory compliance while preserving the seamless experiences that customers increasingly expect from digital banking services.

Moving Beyond SMS One-Time Passwords

A significant portion of the session addresses the industry transition away from SMS-based verification. Despite widespread recognition of its vulnerabilities, including SIM swapping attacks, SS7 protocol exploits and social engineering of mobile carrier staff, SMS OTP remains prevalent across financial services. The persistence reflects both customer familiarity and the complexity of migrating established authentication infrastructure.

The webinar examines practical considerations for institutions planning this transition, including how to maintain accessibility for customers who may lack smartphones capable of supporting passkey technology, and how to manage the parallel operation of legacy and modern authentication methods during migration periods.

Who Should Attend

The session targets senior professionals with responsibility for authentication strategy and fraud prevention within financial services organisations. This includes Chief Information Security Officers evaluating authentication technology investments, heads of fraud and risk management seeking to reduce losses while maintaining customer experience, and compliance professionals preparing for evolving regulatory requirements.

IT and cybersecurity teams responsible for implementing authentication infrastructure will find value in the technical discussion of how FIDO integrates with supplementary fraud detection capabilities. Decision-makers at banks, card issuers and payment processors considering authentication modernisation programmes represent the primary audience for the strategic perspectives offered.

Balancing Security and Customer Experience

Financial institutions operate under competing pressures that make authentication strategy particularly challenging. Security teams advocate for rigorous verification to prevent fraud losses and regulatory penalties. Customer experience teams highlight abandonment rates and competitive disadvantage when authentication creates friction. The webinar addresses this tension directly, examining how risk-based approaches can apply appropriate security measures without subjecting low-risk transactions to unnecessary verification steps.

The concept of “closing the trust gap” referenced in the event title speaks to this balance. Institutions must trust that authenticated users are who they claim to be, but must also verify that their behaviour within authenticated sessions aligns with legitimate activity patterns. Achieving both objectives simultaneously requires the integration of technologies that the session explores in detail.